Things that Go ‘Bump’ in the ‘Net

Alice Marwick, assistant professor of communication and media studies at Fordham University, discusses her newly-released book, Status Update: Celebrity, Publicity, and Branding in the Social Media Age. Marwick reflects on her interviews with Silicon Valley entrepreneurs, technology journalists, and venture capitalists to show how social media affects social dynamics and digital culture. Marwick answers questions such as: Does “status conscious” take on a new meaning in the age of social media? Is the public using social media the way the platforms’ creators intended? How do you quantify the value of online social interactions? Are social media users becoming more self-censoring or more transparent about what they share? What’s the difference between self-branding and becoming a micro-celebrity? She also shares her advice for how to make Twitter, Tumblr, Instagram and other platforms more beneficial for you.

With renewed interest in the failings of the Computer Fraud and Abuse Act and the role of prosecutorial discretion in its application in light of the tragic outcome in the Aaron Swartz case, I went back to what I wrote about the law in 2009.

Back then, the victim of both the poorly-drafted amendments to CFAA that expanded its scope from government to private computer networks and the politically-motivated zeal of federal prosecutors reaching for something—anything—with which to punish otherwise legal but disfavored behavior was trained on Lori Drew, a far less sympathetic defendant.

But the dangers lurking in the CFAA were just as visible in 2009 as they are today. Those who have recently picked up the banner calling for reform of the law might ask themselves where they were back then, and why the ultimately unsuccessful Drew prosecution didn’t raise their hackles at the time.

The law was just as bad in 2009, and just as dangerously twisted by the government. Indeed, the Drew case, as I wrote at the time, gave all the notice anyone needed of what was to come later. Continue reading →

Here’s the notice I’ve been getting the last few days when, logged into Facebook from a computer, I try to post a comment or update my status.

Clever observers will note that the recommendation to log in from a computer is misplaced, as I get it when I’m logged in from a computer. Facebook gives me no instructions when I log in (or when I log out and log in again), though it did once ask me to change my password, which I did.

Most likely, Facebook’s algorithms believe I’ve violated some part of the Terms of Service, such as by repetitive posting or other spammy behavior. My exclusion from the site began contemporaneous with my attempt to post a single comment that failed for reasons I couldn’t discern in several tries.

Undoubtedly, my friends at Facebook will leap to my aid and clear this up for me in short order, feeling slightly stung that I “went public” with the problem rather than going to them. But I wanted to experience this as an ordinary consumer, not as a member of the digerati with insider access to people at important companies. In the past, I’ve used insider access with services like PayPal and (the now defunct) Bitcoin7 to get help that an ordinary user couldn’t have gotten. Bully for me that I can do that, but my experience is atypical and no basis for observing how the world works.

The National Transportation Safety Board recommended yesterday that states ban all non-emergency use of portable electronic devices while driving, except for devices that assist the driver in driving (such as GPS). The recommendation followed the NTSB’s investigation of a tragic accident in Missouri triggered by a driver who was texting.

Personally I don’t see how someone can pay attention to the road while texting. (I’m having a hard enough time paying attention to a conference presentation while I’m typing this!) But the National Transportation Safety Board’s recommendation is a classic example of regulatory overreach based on anecdote. The NTSB wants to use one tired driver’s indefensible and extreme texting (which led to horrific results) as an excuse to ban all use of portable electronic devices while driving – including hands-free phone conversations. Before states act on this recommendation, they should carefully examine systematic evidence – not just anecdotes — to determine whether different uses of handheld devices pose different risks. They should also consider whether bans on some uses would expose drivers to risks greater than the risk the ban would prevent.

Daily news service TechLawJournal (subscription) reports that the U.S. District Court (DC) has granted summary judgment to the National Security Agency in EPIC v. NSA, a federal Freedom of Information Act (FOIA) case regarding the Electronic Privacy Information Center’s request for records regarding Google’s relationship with the NSA.

EPIC requested a wide array of records regarding interactions between Google and the NSA dealing with information security. Reports TLJ:

The NSA responded that it refused to confirm or deny whether it had a relationship with Google, citing Exemption 3 of FOIA (regarding records “specifically exempted from disclosure by statute”) and Section 6 of the National Security Agency Act of 1959 (which prohibits disclose of information about the NSA).

The FOIA merits of EPIC’s suit are one thing. It’s another for Google to have an intimate relationship with a government agency this secretive.

This would be a good time to not be evil. Google should either sever ties with the NSA or be as transparent (or more) than federal law would require the NSA to be in the absence of any special protection against disclosure.

My expectations of the Electronic Frontier Foundation are high. It’s an organization that does a tremendous amount of good, advocating for rights to freely use new technologies. Alas, a blog post about how good EFF is would be as interesting as a newspaper story about the lack of house fires in Springfield. So I’ll share how I feel EFF has gone wobbly on Bitcoin.

Bitcoin, the very interesting distributed digital currency that is inflation-, surveillance-, and confiscation-resistant, hasbeengetting a lot of attention. EFF announced yesterday, though, that it would reverse course and stop accepting donations denominated in Bitcoin.

Its justifications, laid out in a blessedly brief and well-organized blog post, were three: Continue reading →

If you’re like me, you woke up at the crack of dawn today to maximize your enjoyment of World IPv6 Day. Don’t want to miss a minute! If you’re like me, you’ll also say untruthful things as a very dry form of sarcasm. I hope you got that.

Whatever your interest in IPv6—learn more by reading this heresy—you should take interest in whether the next generation of the Internet protocol will erode or enhance your ability to protect privacy. That’s a question that’s been gnawing at me for a long time.

IPv4 was designed without enough numbers to accommodate the worldwide, multiple-device Internet we’ve got today. IPv5 seems to have disappeared—and I’m desperate to know what happened to it. (see above re: sarcasm) Now we’re talking about IPv6, a major feature of which is that it has enough numbers to assign one to every device on the globe.

IPv6’s ginormous number space is great for simplifying the maintenance of quality communications on the modern Internet, but it could suck for privacy. You see, if every device can be assigned a permanent number, that number will act as a permanent identifier, and lots of privacy-reducing inferences can be drawn. I.e., “If I saw this IP number before, it’s probably the same device and the same person I dealt with before.” Communications and interactions that don’t require or benefit from tracking become trackable anyway. We lose a structural protection of privacy.

Luckily, the designers of the IPv6 protocol thought of that. Christopher Parsons explains in a thorough post from last year that the IPv6 protocol calls for rolling assignment of randomized numbers for initiators of communications. A Web server has to have a fixed address, of course. It’s the target of communications requests, and people need to know where to find it. But the computers that ask for content from such servers do not. IPv6 allows those devices to have transient, pretty darn random numbers that change with regularity. This way, the records of your surfing that come to rest in servers all over the world cannot be combined into a dossier of everything you ever did online. Your computer’s IP address does not become your de facto worldwide identifier.

But here’s the question: To what extent is this part of IPv6 being implemented? Are the organizations implementing IPv6 including randomized numbers for initiators of communications? Parsons has a clever turn of phrase suggesting one reason why they may not: “the ‘security institutions’ are better at dissolving privacy protections than the privacy community is at enshrining privacy in law.” It could also be simply that there’s some cost associated with IPv6’s randomization.

So, does anyone know the status of randomization in the IPv6 protocol? Is it being implemented?

The good news, I think, is that it seems fairly easy to test whether an ISP is deploying IPv6 in full or short-cutting on randomization. Set up a server out there, ping it with a consistent communication, and see if it sees the communication coming from a consistent IP address. If it does, then IPv6 randomization is not working. That’s a problem.

Given the wisdom of “trust but verify,” I suppose this is not only an appeal for information about present practice, but a request that some group of technical smarties out there set up a system for routine verification that IPv6 randomization is fully and properly implemented by Internet service providers and other major deployers of Internet protocol. If you’ve already done it, do tell! Thanks!

The FCC’s definition is based on the speed necessary to support streaming video. I rarely watch video on my computer. But tonight I had a chance to test the wisdom of the FCC’s definition. I’m in rural southern Delaware with broadband access only via a 3G modem. I wanted to watch more State of the Union coverage than the broadcast channels out here carried. So, I fired up the old PC and watched things on CNN.com. The video showed up fine and smooth, and it didn’t even burp when I opened another window to start working on this post.

So now I have not just analysis that questions the FCC’s definition of broadband, but that most precious of commodities in Washington regulatory debates: AN ANECDOTE!!!

When it comes to technology policy, I’m usually a fairly optimisticguy. But when it comes to technology politics, well, I have my grumpier moments. I had at particularly grumpy moment earlier this summer when I was sitting at a hearing listening to a bunch of high-tech companies bash each other’s brains in and basically calling for lawmakers to throw everyone else under the regulatory bus except for them. Instead of heeding Ben Franklin’s sound old advice that “We must, indeed, all hang together, or assuredly we shall all hang separately,” it’s increasingly clear that high-tech America seems determined to just try to hang each other. It’d be one thing if that heated competition was all taking place in the marketplace, but, increasingly, more and more of it is taking place inside the Beltway with regulation instead of innovation being the weapon of choice.

That episode made me think back to the outstanding 2000 manifesto penned by T. J. Rodgers, president and CEO of Cypress Semiconductor, “Why Silicon Valley Should Not Normalize Relations with Washington, D.C.” I went back and re-read it upon the 10th anniversary of its publication by the Cato Institute and, sadly, came to realize that just about everything Rodgers had feared and predicted had come true. Rodgers had attempted to preemptively discourage high-tech companies from an excessive “normalization” of relations with the parasitic culture that dominates Washington by reminding them what Washington giveth it can also taketh away. “The political scene in Washington is antithetical to the core values that drive our success in the international marketplace and risks converting entrepreneurs into statist businessmen,” he warned a decade ago. “The collectivist notion that drives policymaking in Washington is the irrevocable enemy of high-technology capitalism and the wealth creation process.” And he reminded his fellow capitalists “that free minds and free markets are the moral foundation that has made our success possible. We must never allow those freedoms to be diminished for any reason.”

Alas, as I point out in my new Cato Policy Report essay “The Sad State of Cyber-Politics,” no one listened to Rodgers. Indeed, Rodgers’s dystopian vision of a highly politicized digital future has taken just a decade to become reality. The high-tech policy scene within the Beltway has become a cesspool of backstabbing politics, hypocritical policy positions, shameful PR tactics, and bloated lobbying budgets. I go on in the article to itemize a litany of examples of how high-tech America appears determined to fall prey to what Milton Friedman once called “The Business Community’s Suicidal Impulse“: the persistent propensity to persecute one’s competitors using regulation or the threat thereof.

It’s a sad tale that doesn’t make for enjoyable reading, but I do try to end the essay on an upbeat (if somewhat naive) note. If you are interested, you can find the plain text version on the Cato website here and I’ve embedded the PDF of the publication down below in a Scribd Reader. Continue reading →

To hails of derision in some quarters—I’m looking at you, Adam—I have talked about how social media will occupy some of the space being ceded by traditional news reporting, which is struggling to find a business model. Perhaps with validation from an official, vetted, professional, dead-tree news source, it will seem less ridiculous to talk about news reporting being generated spontaneously by people “on the scene” or with the greatest knowledge of facts and conditions in a particular area.

Think of the mental habit that has us calling police and fire personnel “first responders.” They are almost always, in fact, second responders, with first response undertaken by average citizens, who often do a pretty good job of it. Think of the true first responders to recent attempted bombings on transatlantic flights: ordinary citizens who thwarted the underwear and shoe bombers. (I risk painting too heroic a picture . . . .)

Newspaper reporters and photographers are intellectual second responders, who come in after the fact, as generalists, to summarize events and trends for us. Yet these are who we look to as authorities on what happened, and how to think about it? That doesn’t seem to make sense if there are other options for being informed. And now there are.

I’ll take a cue from Adam’s good work in debunking the Internet pessimists who argue that “closed” access and technology models are strangling the open/’generative’ Internet: There’s plenty of room for both—both traditional journalism, as it finds its new niche, and reporting by ordinary people who are on the scene and who have superior knowledge in a particular domain.

I suspect that we’ll find better media and filters than Twitter’s firehose of info-pellets by which to learn about things like the hostage-taking in the D.C. area. There may even be a business model in it. Go to it, technology and markets!